Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Adding Exposed headers for CORS

By default, when doing CORS ajax request, following headers will be available:

 - Cache-Control
 - Content-Language
 - Content-Type
 - Expires
 - Last-Modified
 - Pragma

[source](http://www.w3.org/TR/cors/#simple-response-header)

[more info - point 4](http://www.w3.org/TR/cors/#resource-requests)

if we need to read anything else from headers (even-thou they are returned) we need to provide `Access-Control-Expose-Header`, otherwise browsers will not allow to get these headers from xhr response.

Exact case: [SO question](http://stackoverflow.com/questions/17038436/reading-response-headers-when-using-http-of-angularjs)

Im not sure if there are other headers that will need to be exposed, but `Location` is required for getting information about created projection
  • Loading branch information...
commit d12e0ccc05bba0b9a617458e2d4de8ce5e2dd728 1 parent b60acad
@Gutek Gutek authored
View
1  src/EventStore/EventStore.Transport.Http/EntityManagement/HttpEntityManager.cs
@@ -162,6 +162,7 @@ private void SetRequiredHeaders()
HttpEntity.Response.AddHeader("Access-Control-Allow-Methods", string.Join(", ", _allowedMethods));
HttpEntity.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, X-Requested-With, X-PINGOTHER, Authorization");
HttpEntity.Response.AddHeader("Access-Control-Allow-Origin", "*");
+ HttpEntity.Response.AddHeader("Access-Control-Expose-Headers", "Location");
if (HttpEntity.Response.StatusCode == HttpStatusCode.Unauthorized)
HttpEntity.Response.AddHeader("WWW-Authenticate", "Basic realm=\"ES\"");
}
Please sign in to comment.
Something went wrong with that request. Please try again.